aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTianling Shen <cnsztl@immortalwrt.org>2023-05-26 12:09:47 +0800
committerHauke Mehrtens <hauke@hauke-m.de>2023-05-31 23:10:06 +0200
commit14cbf041ea46ab936f5ac4e9c05d67e3259e3bd9 (patch)
treebc2da8e7bf4aecbd611537d14ea1bf7d2ea39933
parent20295c071a6285066b847a9ad2bc1b7d1f6e5e88 (diff)
downloadupstream-14cbf041ea46ab936f5ac4e9c05d67e3259e3bd9.tar.gz
upstream-14cbf041ea46ab936f5ac4e9c05d67e3259e3bd9.tar.bz2
upstream-14cbf041ea46ab936f5ac4e9c05d67e3259e3bd9.zip
ca-certificates: Update to version 20230311
Update the ca-certificates and ca-bundle package from version 20211016 to version 20230311. Use TAR_OPTIONS instead of hacking Build/Prepare, refresh patches. Debian change-log entry [1]: |[...] |[ Đoàn Trần Công Danh ] |* ca-certificates: compat with non-GNU mktemp (closes: #1000847) | |[ Ilya Lipnitskiy ] |* certdata2pem.py: use UTC time when checking cert validity | |[ Julien Cristau ] |* Update Mozilla certificate authority bundle to version 2.60 | The following certificate authorities were added (+): | + "Autoridad de Certificacion Firmaprofesional CIF A62634068" | + "Certainly Root E1" | + "Certainly Root R1" | + "D-TRUST BR Root CA 1 2020" | + "D-TRUST EV Root CA 1 2020" | + "DigiCert TLS ECC P384 Root G5" | + "DigiCert TLS RSA4096 Root G5" | + "E-Tugra Global Root CA ECC v3" | + "E-Tugra Global Root CA RSA v3" | + "HARICA TLS ECC Root CA 2021" | + "HARICA TLS RSA Root CA 2021" | + "HiPKI Root CA - G1" | + "ISRG Root X2" | + "Security Communication ECC RootCA1" | + "Security Communication RootCA3" | + "Telia Root CA v2" | + "TunTrust Root CA" | + "vTrus ECC Root CA" | + "vTrus Root CA" | The following certificate authorities were removed (-): | - "Cybertrust Global Root" (expired) | - "EC-ACC" | - "GlobalSign Root CA - R2" (expired) | - "Hellenic Academic and Research Institutions RootCA 2011" | - "Network Solutions Certificate Authority" | - "Staat der Nederlanden EV Root CA" (expired) |* Drop trailing space from debconf template causing misformatting | (closes: #980821) | |[ Wataru Ashihara ] |* Make certdata2pem.py compatible with cryptography >= 35 (closes: #1008244) |[...] [1]: https://metadata.ftp-master.debian.org/changelogs/main/c/ca-certificates/ca-certificates_20230311_changelog Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org> (cherry picked from commit 7c83b6ac8656f9a3b005554d25857e8ed5faf3f6)
-rw-r--r--package/system/ca-certificates/Makefile14
-rw-r--r--package/system/ca-certificates/patches/0001-ca-certificates-fix-python3-cryptography-woes-in-cer.patch8
2 files changed, 9 insertions, 13 deletions
diff --git a/package/system/ca-certificates/Makefile b/package/system/ca-certificates/Makefile
index 9fac32e7e3..ec588cc65b 100644
--- a/package/system/ca-certificates/Makefile
+++ b/package/system/ca-certificates/Makefile
@@ -7,17 +7,20 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=ca-certificates
-PKG_VERSION:=20211016
+PKG_VERSION:=20230311
PKG_RELEASE:=1
PKG_MAINTAINER:=
PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@DEBIAN/pool/main/c/ca-certificates
-PKG_HASH:=2ae9b6dc5f40c25d6d7fe55e07b54f12a8967d1955d3b7b2f42ee46266eeef88
+PKG_HASH:=83de934afa186e279d1ed08ea0d73f5cf43a6fbfb5f00874b6db3711c64576f3
PKG_INSTALL:=1
include $(INCLUDE_DIR)/package.mk
+TAR_OPTIONS+= --strip-components 1
+TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS)
+
define Package/ca-certificates
SECTION:=base
CATEGORY:=Base system
@@ -34,13 +37,6 @@ define Package/ca-bundle
PROVIDES:=ca-certs
endef
-define Build/Prepare
- $(DECOMPRESS_CMD) $(HOST_TAR) -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
- $(Build/Patch)
-endef
-
-MAKE_PATH := work
-
define Build/Install
mkdir -p \
$(PKG_INSTALL_DIR)/usr/sbin \
diff --git a/package/system/ca-certificates/patches/0001-ca-certificates-fix-python3-cryptography-woes-in-cer.patch b/package/system/ca-certificates/patches/0001-ca-certificates-fix-python3-cryptography-woes-in-cer.patch
index add01f42c0..09092617f1 100644
--- a/package/system/ca-certificates/patches/0001-ca-certificates-fix-python3-cryptography-woes-in-cer.patch
+++ b/package/system/ca-certificates/patches/0001-ca-certificates-fix-python3-cryptography-woes-in-cer.patch
@@ -18,8 +18,8 @@ Reported-by: Chen Minqiang <ptpt52@gmail.com>
Reported-by: Shane Synan <digitalcircuit36939@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
---
---- a/work/mozilla/certdata2pem.py
-+++ b/work/mozilla/certdata2pem.py
+--- a/mozilla/certdata2pem.py
++++ b/mozilla/certdata2pem.py
@@ -21,16 +21,12 @@
# USA.
@@ -42,8 +42,8 @@ Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
continue
-
-- cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
-- if cert.not_valid_after < datetime.datetime.now():
+- cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
+- if cert.not_valid_after < datetime.datetime.utcnow():
- print('!'*74)
- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
- print('!'*74)